[stir] Re: Shepherd Review of draft-ietf-stir-certificates-shortlived-03

James Olorundare <olorundarek@gmail.com> Sun, 02 November 2025 20:25 UTC

To: "Peterson, Jon" <Jon.Peterson=40transunion.com@dmarc.ietf.org>
CC: Ben Campbell <ben@nostrum.com>, Russ Housley <housley@vigilsec.com>, "stir@ietf.org" <stir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/Zse_psr-y9CyWXVrdEjY-KmAyTM>

Please when is the stir meeting in the ongoing IETF124?

Thank you.

Sent from Gmail Mobile of Ojk


On Sun, 2 Nov 2025 at 15:06, Peterson, Jon <Jon.Peterson=40transunion.com@dmarc.ietf.org> wrote:

>
> Thanks Ben, some responses below:
>
>
>
> ##Standard Questions
>
>
>
> - Are you aware of any IPR that needs to be declared?
>
>
> <JFP> I am not aware of any IPR.
>
>
> - Do you still want your name on the resulting RFC?
>
>
> <JFP> Yes.
>
>
>
> ## Substantive Comments
>
> ### Section 1
>
> - “… this document revises the guidance of [RFC8224]…”: Should this draft
> formally update that RFC? If not, then maybe this should be reworded,
> otherwise there is a risk of the IESG getting wrapped around this axle.
>
>
> <JFP> I don’t think it really needs to update RFC8224, as it is only
> compliance with this specification that makes support for “x5c” mandatory.
> I can rephrase to remove that implication.
>
>
> ### Section 4
>
> - 2nd paragraph, “… this specification permits the conveyance”: IIUC, this
> specification _requires_ that conveyance for short-lived certs following
> this specification.
>
>
> <JFP> It does indeed, will fix.
>
>
> - Last paragraph: We are not actually allowing that alternative approach
> to x5c, right? I think this sentence will cause confusion during the IESG
> review. Is it actually needed?
>
>
> <JFP> Um, the last paragraph says a couple of things. Making “x5c”
> mandatory does not preclude allowing “x5u” to also be present for backwards
> compatibility reasons. I think I’d like to keep that. And the x5c URL could
> use cid: or something to point to a MIME body, if we wanted it to, without
> running afoul of anything else discussed in this spec I think. The fact
> that MIME doesn’t work as well for OOB doesn’t mean this could never work
> as an approach. If it seems super confusing maybe it could go in an
> appendix or something?
>
>
> <JFP> I’ll address the nits below, they seem fine.
>
>
>
> ## Minor Comments and Nits
>
>
>
> ### Section 1
>
> - Paragraph 1: “… the implementation of credentials which identify…”:
> s/which/that
>
> - “… this document revises the guidance of [RFC8224] to REQUIRE”: I’m
> guessing REQUIRE should not be capitalized, since this is a statement of
> fact, not an authoritative normative statement.
>
> ### Section 4:
>
> - Example PASSporT: Has this been verified mechanically?
>
> ### Normative References
>
> - It seems like several of these could be informative and save people the
> problem of checking against the downref registry
>
> - Are [ATIS-0300251] and [DSS] actually cited in the document somewhere?
> If so, I missed it.
>
> Jon Peterson
> TransUnion